Bounty Awards

We provide rewards to vulnerability reporters at our discretion. The following are guidelines to indicate typical reward amounts.


Systemic compromise

Examples: remote code execution, SQL injection with significant impact, and vertical authentication bypasses.


Access to other user's private data

Examples: Stored XSS or CSRF with significant impact, Internal SSRF, IDOR with significant impact, and lateral authentication bypasses.


Limited access to other user's private data

Examples: Reflective XSS with impact, CSRF, IDOR, and open redirects with impact.


Configuration issues and other vulnerabilities with limited impact

Examples: Misconfigurations including SPF and SSL, CSRF, and XSS vulnerabilities with limited impact.